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DETAILED ACTION 

1. Claims 1-21 are pending in the application. 

2. Claims 1-21 have been rejected. 

Claim Objections 

3. Claims 1, 5 and 11 are objected to because of the following informalities: grammatical, 
typographical errors and mispelling. 

In claim 1, the word "one" is in plural for when it should be in singular form. In the first 
line of claim 5, the word "encryption" is repeated. The second word "encryption" should be 
"decryption". In claim 1 1, the word "for" has been misspelled as "fore". 

Appropriate correction is required. 

Claim Rejections -35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S. C 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who 
has fulfilled the requirements of paragraphs (1), (2), and (4) of section 371(c) of this title before the invention 
thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 
do not apply when the reference is a U.S. patent resulting directly or indirectly from an 
international application filed before November 29, 2000. Therefore, the prior art date of the 
reference is determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre- AIPA 
35 U.S.C. 102(e)). 
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4. Claims 1-7, 9 and 10 are rejected under 35 U.S.C 102(e) as being anticipated by Devine 
et al U.S. Patent No. 6,606,708 Bl. 

As to claim 1, Devine et al discloses a load balancing SSL acceleration device, 

comprising: 

a processor, memory and communications interface [column 5, lines 37- 

53]; 

a TCP communications manager capable of interacting with a plurality of 
client devices and server devices simultaneously [column 8, lines 36-65]; 
a secure communications manager [column 6, lines 38-43]; 
an encryption and decryption engine instructing the processor to encrypt 
data from a secure communications session and direct it to the second 
communication session [column 8, lines 22-35]; and 

a load balancing engine associating ones of the client devices with ones of 
the servers for a communications session based on calculated processing loads of 
each the server [column 8, lines 36-65]. 
As to claim 2, Devine et al discloses that the TCP communications manager provides an 
IP address of an enterprise to the communications manager [column 23 line 17 to column 24 line 
14], Devine et al discloses that each of the plurality of servers is associated with the enterprise 
[column 24, lines 44-65]. 

As to claim 3, Devine et al discloses that the secure communications manager negotiates 
a secure communications session with each of the plurality of client devices over an open 
network [column 13 line 60 to column 14 line 37]. 
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As to claim 4, Devine et al discloses that the TCP communications manager negotiates a 
separate, open communications session with one of the plurality of servers associated with the 
enterprise for each secure communications session negotiated with a client device [column 13 
line 60 to column 14 line 37]. 

As to claim 5, Devine et al discloses that the encryption and decryption engine decrypts 
packet data received on the communications interface via a secure communications session, 
decrypts application data in the packet data and maps the data to an appropriate TCP session 
[column 8 line 66 to column 9 line 23]. 

As to claim 6, Devine et al discloses that the appropriate TCP session is selected by the 
load-balancing engine [column 23 line 17 to column 24 line 14]. 

As to claim 7, Devine et al discloses that the TCP communications manager responds to 
TCP communications negotiations directly for the enterprise [column 24, lines 27-43]. 

As to claim 9, Devine et al discloses that the secure communications engine negotiates a 
secure communication session for each TCP communications session [column 13 line 60 to 
column 14 line 37]. 

As to claim 10, Devine et al discloses the secure communications manager responds to all 
secure communications with each client device [column 9, lines 42-59]. 

5. Claims 12-15 and 17-21 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Lincke et al U.S. Patent No, 6,397,259 Bl. 

As to claim 12, Lincke et al discloses a method for performing SSL acceleration of data 
communications between a plurality of customer devices attempting to communicate with an 
enterprise having a plurality of servers, comprising: 
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providing a device enabled for secure communication with customer 
devices and having an IP address associated with the enterprise [column 19, lines 
35-50]; 

receiving communications directed to the enterprise in a secure protocol 
from the customer devices [column 11, lines 8-25]; 

decrypting data packets of the secure protocol to provide decrypted packet 
data [column 85 line 63 to column 86 line 20]; 

selecting at least one of the plurality of servers in the enterprise based on a 
load calculation including processing sessions of other servers in the enterprise 
and associating the selected server with a communications session from one 
[column 111, lines 11-39]; and 

forwarding the decrypted packet data to the selected server of the 
enterprise [column 85 line 63 to column 86 line 20]. 
As to claim 13, Lincke et al discloses that the method further includes the steps of: 

receiving application data from the selected server of the enterprise 
[column 83 line 60 to column85 line 61]; 

encrypting the application data received from the selected server [column 
83 line 60 to column85 line 61]; and 

forwarding encrypted application data to the customer device [column 83 
line 60 to column85 line 61]. 
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As to claim 14, Lincke et al discloses that the step of receiving secure communications 
directed to the enterprise includes receiving communications having a destination IP address of 
the enterprise [column 108, lines 48-59]. 

As to claim 15, Lincke et al discloses negotiating the secure protocol session with the 
customer device by responding as the enterprise to the customer devices [column 11, lines 8-25]. 
As to claim 17, Lincke et al discloses that the step of forwarding comprises: 

establishing an open communication session with the selected server 
[column 85 line 63 to column 86 line 20], and 

mapping the decrypted packet data to an open communications session 
established with the selected server [column 85 line 63 to column 86 line 20]. 
As to claim 18, Lincke et al discloses that the open communications session is established 
via a secure network [column 11, lines 8-25]. 

As to claim 19, Lincke et al discloses that the step of receiving comprises: 

receiving SSL encrypted data having a length greater than a TCP segment 
carrying the data [column 82 line 50 to column 83 line 30]; and 
wherein the step of decrypting comprises 

buffering the SSL encrypted data in a memory buffer in the SSL 
accelerator device, the buffer having a length equivalent to the block 
cipher size necessary to perform the cipher [column 82 line 50 to column 
83 line 30]; and 
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decrypting the buffered segment of the received SSL encrypted 
data to provide decrypted application data [column 82 line 50 to column 
83 line 30]. 

As to claim 20, Lincke et al discloses that the step of authenticating the data on receipt of 
a final segment [column 83, lines 19-30]. 

As to claim 21, Lincke et al discloses that the step of generating an alert if the step of 
authenticating results in a failure [column 83, lines 19-30]. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 8 and 11 is rejected under 35 U.S.C. 103(a) as being unpatentable over Devine et 
al U.S. Patent No. 6,606,708 Bl as applied to claim 1 above, and further in view of Gelman 
et al U.S. Patent No. 6,415,329 Bl. 

As to claims 8 and 11, Devine et al does not teach that the secure communications 
manager changes a destination IP address for each packet to a server IP address for each session. 

Gelman et al teaches a secure communications manager that changes a destination IP 
address for each packet to a server IP address for each session [column 10, lines 9-21]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Devine et al so that the proxy server would have 
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changed the destination IP address for each packet to one of the server IP addresses for each 
session. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Devine et al by the teaching of Gelman et al because the 
detrimental effects of latency and errors on TCP are avoided and link utilization is greatly 
increased, TCP/IP headers are replaced with a much shorter WLP header, leaving more 
bandwidth for data. In addition, TCP/IP data may be compressed so that fewer bytes need to be 
sent over the wireless segment, thus improving data transfer times. Encryption may also be used 
to protect data from eavesdropping. Finally, the system may be implemented without making any 
changes to the TCP/IP code on the gateway. No changes of any kind are required to the end users 
[column 5, lines 54-67]. 

7. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over Lincke et al U.S. 
Patent No. 6,397,259 Bl as applied to claim 12 above, and further in view of Gelman et al 
U.S. Patent No. 6,415,329 Bl. 

As to claim 16, Lincke et al does not teach that the step of forwarding comprises 
modifying the destination IP address of data packets from the enterprise IP to an IP for the 
selected server. 

Gelman et al teaches a secure communications manager that changes a destination IP 
address for each packet to a selected server IP address for each session [column 10, lines 9-21], 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Lincke et al so that the proxy server would have 
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changed the destination IP address for each packet to one of the server IP addresses for each 
session. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Lincke et al by the teaching of Gelman et al because the 
detrimental effects of latency and errors on TCP are avoided and link utilization is greatly 
increased. TCP/IP headers are replaced with a much shorter WLP header, leaving more 
bandwidth for data. In addition, TCP/IP data may be compressed so that fewer bytes need to be 
sent over the wireless segment, thus improving data transfer times. Encryption may also be used 
to protect data from eavesdropping. Finally, the system may be implemented without making any 
changes to the TCP/IP code on the gateway. No changes of any kind are required to the end users 
[column 5, lines 54-67], 
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Conclusion 

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K Moorthy whose telephone number is 703-305-1373. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R Sheikh can be reached on 703-305-9648. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Aravind K Moorthy 
September 2 1,2004 

SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




